A Malware Detection and Extraction Method for the Related Information Using the ViT Attention Mechanism on Android Operating System-Reference-Cited by-同舟云学术

A Malware Detection and Extraction Method for the Related Information Using the ViT Attention Mechanism on Android Operating System

Published:2023-06-05 Issue:11 Volume:13 Page:6839
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Jo Jeonggeun¹^ORCID,Cho Jaeik²^ORCID,Moon Jongsub¹^ORCID

Affiliation:

1. Department of Information Security, Korea University, Seoul 02841, Republic of Korea

2. Department of Computer Science, Lewis University, Romeoville, IL 60446, USA

Abstract

Artificial intelligence (AI) is increasingly being utilized in cybersecurity, particularly for detecting malicious applications. However, the black-box nature of AI models presents a significant challenge. This lack of transparency makes it difficult to understand and trust the results. In order to address this, it is necessary to incorporate explainability into the detection model. There is insufficient research to provide reasons why applications are detected as malicious or explain their behavior. In this paper, we propose a method of a Vision Transformer(ViT)-based malware detection model and malicious behavior extraction using an attention map to achieve high detection accuracy and high interpretability. Malware detection uses a ViT-based model, which takes an image as input. ViT offers a significant advantage for image detection tasks by leveraging attention mechanisms, enabling robust interpretation and understanding of the intricate patterns within the images. The image is converted from an application. An attention map is generated with attention values generated during the detection process. The attention map is used to identify factors that the model deems important. Class and method names are extracted and provided based on the identified factors. The performance of the detection was validated using real-world datasets. The malware detection accuracy was 80.27%, which is a high level of accuracy compared to other models used for image-based malware detection. The interpretability was measured in the same way as the F1-score, resulting in an interpretability score of 0.70. This score is superior to existing interpretable machine learning (ML)-based methods, such as Drebin, LIME, and XMal. By analyzing malicious applications, we also confirmed that the extracted classes and methods are related to malicious behavior. With the proposed method, security experts can understand the reason behind the model’s detection and the behavior of malicious applications. Given the growing importance of explainable artificial intelligence in cybersecurity, this method is expected to make a significant contribution to this field.

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/11/6839/pdf

Reference45 articles.

1. Šembera, V., Paquet-Clouston, M., Garcia, S., and Erquiaga, M.J. (2021, January 6–10). Cybercrime specialization: An exposé of a malicious Android Obfuscation-as-a-Service. Proceedings of the 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Vienna, Austria.

2. A review of android malware detection approaches based on machine learning;Liu;IEEE Access,2020

3. Deep learning for android malware defenses: A systematic literature review;Liu;ACM Comput. Surv.,2022

4. Freitas, S., Duggal, R., and Chau, D.H. (2022, January 17–21). MalNet: A Large-Scale Image Database of Malicious Software. Proceedings of the 31st ACM International Conference on Information & Knowledge Management, Atlanta, GA, USA.

5. Gerlings, J., Shollo, A., and Constantiou, I. (2020). Reviewing the need for explainable artificial intelligence (xAI). arXiv.

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Visualising Static Features and Classifying Android Malware Using a Convolutional Neural Network Approach;Applied Sciences;2024-05-31

2. Unveiling the Depths of Explainable AI;Advances in Systems Analysis, Software Engineering, and High Performance Computing;2024-03-18

3. Enhancing android malware detection explainability through function call graph APIs;Journal of Information Security and Applications;2024-02

4. Enhancing Malware Detection Through Machine Learning Using XAI with SHAP Framework;IFIP Advances in Information and Communication Technology;2024

5. A novel vision transformer model for rumor prediction in COVID-19 data CT images;Journal of Intelligent & Fuzzy Systems;2023-12-20